thunderbird

Description Standalone mail and news reader from mozilla.org
Version 68.3.0-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1072 68.2.2-2 68.3.0-1 Critical Fixed
AVG-1054 68.1.1-1 68.2.0-1 Critical Fixed
AVG-980 60.7.0-1 60.7.1-1 High Fixed
AVG-965 60.6.1-2 60.7.0-1 Critical Fixed
AVG-947 60.5.3-1 60.6.1-1 Critical Fixed
AVG-908 60.5.0-1 60.5.1-1 Critical Fixed
AVG-803 60.2.1-2 60.3.0-1 Critical Fixed
AVG-782 60.0-4 60.2.1-1 Critical Fixed FS#60424
AVG-751 52.9.1-1 60.0-1 Critical Fixed
AVG-728 52.8.0-1 52.9.1-1 Critical Fixed
AVG-707 52.7.0-2 52.8.0-1 Critical Fixed
AVG-663 52.6.0-2 52.7.0-1 Critical Fixed
AVG-530 52.4.0-2 52.5.0-1 Critical Fixed
AVG-441 52.3.0-2 52.4.0-1 Critical Fixed
AVG-385 52.2.1-1 52.3.0-1 Critical Fixed
AVG-303 52.1.1-1 52.2.0-1 Critical Fixed
AVG-193 45.7.1-3 45.8.0-1 Critical Fixed
AVG-158 45.6.0-1 45.7.0-1 Critical Fixed
AVG-91 45.5.0-1 45.5.1-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2019-18511 AVG-965 High Yes Same-origin policy bypass
An issue has been found in Thunderbird before 60.7.0, where cross-origin images can be read from a canvas element in violation of the same-origin policy...
CVE-2019-17012 AVG-1072 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 71.0 and Thunderbird before 68.3. Some of these bugs showed evidence of memory corruption and...
CVE-2019-17011 AVG-1072 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox before 71.0 and Thunderbird before 68.3. Under certain conditions, when retrieving a document from...
CVE-2019-17010 AVG-1072 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox before 71.0 and Thunderbird before 68.3. Under certain conditions, when checking the Resist...
CVE-2019-17008 AVG-1072 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox before 71.0 and Thunderbird before 68.3. When using nested workers, a use-after-free could occur...
CVE-2019-17005 AVG-1072 High Yes Arbitrary code execution
An out-of-bounds write vulnerability has been found in Firefox before 71.0 and Thunderbird before 68.3 where the plain text serializer used a fixed-size...
CVE-2019-15903 AVG-1054 Medium Yes Denial of service
A security issue has been found in libexpat before 2.2.8, where crafted XML input could fool the parser into changing from DTD parsing to document parsing...
CVE-2019-11764 AVG-1054 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 70.0 and Thunderbird before 68.2. Some of these bugs showed evidence of memory corruption and...
CVE-2019-11763 AVG-1054 Medium Yes Insufficient validation
An issue has been found in Firefox before 70.0 and Thunderbird before 68.2, where failure to correctly handle null bytes when processing HTML entities...
CVE-2019-11762 AVG-1054 Medium Yes Same-origin policy bypass
A same-origin policy bypass has been found in Firefox before 70.0 and Thunderbird before 68.2 where, if two same-origin documents set document.domain...
CVE-2019-11761 AVG-1054 Medium Yes Access restriction bypass
An issue has been found in Firefox before 70.0 and Thunderbird before 68.2, where by using a form with a data URI it was possible to gain access to the...
CVE-2019-11760 AVG-1054 Critical Yes Arbitrary code execution
A fixed-size stack buffer overflow has been found in nrappkit, in the WebRTC signaling code of Firefox before 70.0 and Thunderbird before 68.2.
CVE-2019-11759 AVG-1054 Critical Yes Arbitrary code execution
A stack-based buffer overflow has been found in the HKDF output of Firefox before 70.0 and Thunderbird before 68.2. An attacker could have caused 4 bytes of...
CVE-2019-11757 AVG-1054 Critical Yes Arbitrary code execution
A use-after-free issue has been found in the IndexedDB component of Firefox before 70.0 and Thunderbird before 68.2. When storing a value in IndexedDB, the...
CVE-2019-11745 AVG-1072 Critical Yes Arbitrary code execution
An out-of-bounds write vulnerability has been found in the NSS component of Firefox before 71.0 and Thunderbird before 68.3. When encrypting with a block...
CVE-2019-11706 AVG-980 Low Yes Denial of service
A flaw in Thunderbird's implementation of iCal before 60.7.1 causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email...
CVE-2019-11705 AVG-980 High Yes Arbitrary code execution
A flaw in Thunderbird's implementation of iCal before 60.7.1 causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email...
CVE-2019-11704 AVG-980 High Yes Arbitrary code execution
A flaw in Thunderbird's implementation of iCal before 60.7.1 causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email...
CVE-2019-11703 AVG-980 High Yes Arbitrary code execution
A flaw in Thunderbird's implementation of iCal before 60.7.1 causes a heap buffer overflow in parser_get_next_char when processing certain email messages,...
CVE-2019-11698 AVG-965 Medium Yes Information disclosure
If a crafted hyperlink is dragged and dropped to the bookmark bar or sidebar in Firefox before 67.0 or Thunderbird before 60.7.0, and the resulting bookmark...
CVE-2019-11693 AVG-965 Critical Yes Arbitrary code execution
The bufferdata function in WebGL in Firefox before 67.0 and Thunderbird before 60.7.0 is vulnerable to a buffer overflow with specific graphics drivers on...
CVE-2019-11692 AVG-965 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 67.0 and Thunderbird before 60.7.0, when listeners are removed from the event listener manager...
CVE-2019-11691 AVG-965 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 67.0 and Thunderbird before 60.7.0, when working with XMLHttpRequest (XHR) in an event loop,...
CVE-2019-9819 AVG-965 Critical Yes Arbitrary code execution
A vulnerability where a JavaScript compartment mismatch can occur in Firefox before 67.0 and Thunderbird before 60.7.0, while working with the fetch API,...
CVE-2019-9817 AVG-965 High Yes Same-origin policy bypass
In Firefox before 67.0 and Thunderbird before 60.7.0, images from a different domain can be read using a canvas object in some circumstances. This could be...
CVE-2019-9816 AVG-965 High Yes Access restriction bypass
A possible vulnerability exists in Firefox before 67.0 and Thunderbird before 60.7.0, where type confusion can occur when manipulating JavaScript objects in...
CVE-2019-9813 AVG-947 Critical Yes Arbitrary code execution
An incorrect handling of __proto__ mutations may lead to type confusion in the IonMonkey JIT code of Firefox before 66.0.1 and Thunderbird before 60.6.1,...
CVE-2019-9810 AVG-947 Critical Yes Arbitrary code execution
An incorrect alias information in the IonMonkey JIT compiler of Firefox before 66.0.1 and Thunderbird before 60.6.1 for the Array.prototype.slice method may...
CVE-2019-9800 AVG-965 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 67.0 and Thunderbird before 60.7.0. Some of these bugs showed evidence of memory corruption and...
CVE-2019-7317 AVG-965 Low No Denial of service
png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2019-5798 AVG-965 Medium Yes Information disclosure
An out-of-bounds read has been found in the Skia component of the Chromium browser before 73.0.3683.75 and Thunderbird before 60.7.0.
CVE-2019-5785 AVG-908 High Yes Arbitrary code execution
An integer overflow issue has been found in the Skia component of Firefox before 65.0.1 and Thunderbird before 60.5.1.
CVE-2018-18509 AVG-908 High Yes Insufficient validation
A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird before 60.5.1 as having a valid digital signature, even if...
CVE-2018-18356 AVG-908 High Yes Arbitrary code execution
A use-after-free has been found in the Skia component of Chromium before 71.0.3578.80 and Firefox before 65.0.1 and Thunderbird before 60.5.1.
CVE-2018-18335 AVG-908 Critical Yes Arbitrary code execution
A heap-based buffer overflow has been found in the Skia component of Chromium before 71.0.3578.80 and Thunderbird before 60.5.1.
CVE-2018-12392 AVG-803 Critical Yes Arbitrary code execution
A security issue has been found in Firefox and Thunderbird versions prior to 63.0. When manipulating user events in nested loops while opening a document...
CVE-2018-12390 AVG-803 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox and Thunderbird versions prior to 63.0. Some of these bugs showed evidence of memory corruption and...
CVE-2018-12389 AVG-803 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Thunderbird versions prior to 63.0. Some of these bugs showed evidence of memory corruption and Mozilla...
CVE-2018-12385 AVG-782 Medium No Arbitrary code execution
A security issue has been found in Thunderbird versions prior to 60.2.1. A potentially exploitable crash in TransportSecurityInfo used for SSL can be...
CVE-2018-12383 AVG-782 Low No Information disclosure
A security issue has been found in Thunderbird versions prior to 60.2.1. If a user saved passwords before the move to a new password format and then later...
CVE-2018-12379 AVG-782 Medium No Arbitrary code execution
A security issue has been found in Thunderbird versions prior to 60.2.1. When the Mozilla Updater opens a MAR format file which contains a very long item...
CVE-2018-12378 AVG-782 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Thunderbird versions prior to 60.2.1, which can occur when an IndexedDB index is deleted while still in use...
CVE-2018-12377 AVG-782 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Thunderbird versions prior to 60.2.1, which can occur when refresh driver timers are refreshed in some...
CVE-2018-12376 AVG-782 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Thunderbird versions prior to 60.2.1.
CVE-2018-12374 AVG-728 Low Yes Information disclosure
A security issue has been found in Thunderbird before 52.9, where plaintext of decrypted emails can leak through by user submitting an embedded form by...
CVE-2018-12373 AVG-728 High Yes Information disclosure
A security issue has been found in Thunderbird before 52.9, where S/MIME parts hidden with CSS or <plaintext> can leak plaintext when included in a HTML...
CVE-2018-12372 AVG-728 High Yes Information disclosure
A security issue has been found in Thunderbird before 52.9, where decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext...
CVE-2018-12371 AVG-751 Medium Yes Arbitrary code execution
An integer overflow vulnerability has been found in the Skia library shipped with Firefox before 61.0 and Thunderbird before 60.0, when allocating memory...
CVE-2018-12367 AVG-751 Medium Yes Information disclosure
A security issue has been found in Firefox before 61.0 and Thunderbird before 60.0. In the previous mitigations for Spectre, the resolution or precision of...
CVE-2018-12366 AVG-728 Medium Yes Information disclosure
An invalid grid size during QCMS (color profile) transformations can result in the out-of-bounds read interpreted as a float value, in Firefox before 61.0...
CVE-2018-12365 AVG-728 Medium No Information disclosure
A security issue has been found in Firefox before 61.0 and Thunderbird before 52.9 where a compromised IPC child process can escape the content sandbox and...
CVE-2018-12364 AVG-728 High Yes Cross-site request forgery
A security issue has been found in Firefox before 61.0 and Thunderbird before 52.9, where NPAPI plugins, such as Adobe Flash, can send non-simple...
CVE-2018-12363 AVG-728 High Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 61.0 and Thunderbird before 52.9 when script uses mutation events to move DOM nodes between...
CVE-2018-12362 AVG-728 High Yes Arbitrary code execution
An integer overflow can occur in Firefox before 61.0 and Thunderbird before 52.9 during graphics operations done by the Supplemental Streaming SIMD...
CVE-2018-12361 AVG-751 Critical Yes Arbitrary code execution
An integer overflow can occur in Firefox before 61.0 and Thunderbird before 60.0 in the SwizzleData code while calculating buffer sizes. The overflowed...
CVE-2018-12360 AVG-728 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 61.0 and Thunderbird before 52.9 when deleting an input element during a mutation event handler...
CVE-2018-12359 AVG-728 Critical Yes Arbitrary code execution
A buffer overflow can occur in Firefox before 61.0 and Thunderbird before 52.9 when rendering canvas content while adjusting the height and width of the...
CVE-2018-5188 AVG-728 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 61.0 and Thunderbird before 52.9. Some of these bugs showed evidence of memory corruption and...
CVE-2018-5187 AVG-751 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 61.0 and Thunderbird before 60.0. Some of these bugs showed evidence of memory corruption and...
CVE-2018-5185 AVG-707 Low Yes Information disclosure
A security issue has been found in Thunderbird before 52.8, where plaintext of decrypted emails can leak through by user submitting an embedded form.
CVE-2018-5184 AVG-707 High Yes Information disclosure
A security issue has been found in Thunderbird before 52.8, where using remote content in S/MIME encrypted messages can lead to the disclosure of plaintext...
CVE-2018-5183 AVG-707 Critical Yes Arbitrary code execution
Several memory corruption issues including invalid buffer reads and writes during graphic operations have been found in the Skia library.
CVE-2018-5178 AVG-707 Medium Yes Information disclosure
A buffer overflow was found in Thunderbird before 52.8, during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data....
CVE-2018-5170 AVG-707 Medium Yes Content spoofing
It is possible in Thunderbird before 52.8 to spoof the filename of an attachment and display an arbitrary attachment name. This could lead to a user opening...
CVE-2018-5168 AVG-707 Medium Yes Access restriction bypass
Sites can bypass security checks on permissions to install lightweight themes in Firefox before 60.0 and Thunderbird before 52.8, by manipulating the...
CVE-2018-5162 AVG-707 Medium Yes Information disclosure
A security issue has been found in Thunderbird before 52.8, where plaintext of decrypted emails can leak through the src attribute of remote images, or links.
CVE-2018-5161 AVG-707 Medium Yes Denial of service
A security issue has been found in Thunderbird before 52.8, where crafted message headers can cause a Thunderbird process to hang on receiving the message.
CVE-2018-5159 AVG-707 High Yes Arbitrary code execution
An integer overflow vulnerability has been found in the Skia library used in Firefox < 60.0 and Thunderbird < 52.8, due to 32-bit integer use in an array...
CVE-2018-5156 AVG-751 High Yes Arbitrary code execution
A vulnerability can occur in Firefox before 61.0 and Thunderbird before 60.0 when capturing a media stream when the media source type is changed as the...
CVE-2018-5155 AVG-707 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 60.0 and Thunderbird < 52.8, while adjusting layout during SVG animations with text paths.
CVE-2018-5154 AVG-707 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 60.0 and Thunderbird < 52.8, while enumerating attributes during SVG animations with clip paths.
CVE-2018-5150 AVG-707 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox before 60.0 and Thunderbird before 52.8. Some of these bugs showed evidence of memory corruption and...
CVE-2018-5146 AVG-663 Critical Yes Arbitrary code execution
An out of bounds memory write vulnerability has been discovered in libvorbis before 1.3.6 while processing Vorbis audio data related to codebooks that are...
CVE-2018-5145 AVG-663 Critical Yes Arbitrary code execution
Various memory safety bugs have been found in Thunderbird < 52.7.0, some of them presenting evidence of memory corruption. Mozilla presumes that with enough...
CVE-2018-5144 AVG-663 High Yes Arbitrary code execution
An integer overflow can occur during conversion of text to some Unicode character sets in Thunderbird < 52.7.0, due to an unchecked length parameter.
CVE-2018-5129 AVG-663 High No Access restriction bypass
A lack of parameter validation on IPC messages results in a potential out-of-bounds write in Thunderbird < 52.7.0, through malformed IPC messages. This can...
CVE-2018-5127 AVG-663 Critical Yes Arbitrary code execution
A buffer overflow can occur in Thunderbird < 52.7.0 when manipulating the SVG animatedPathSegList through script. This results in a potentially exploitable crash.
CVE-2018-5125 AVG-663 Critical Yes Arbitrary code execution
Various memory safety bugs have been found in Thunderbird < 52.7.0 and Firefox < 59.0, some of them presenting evidence of memory corruption. Mozilla...
CVE-2017-7830 AVG-530 High Yes Same-origin policy bypass
The Resource Timing API in Firefox before 57.0 and Thunderbird before 52.5 incorrectly revealed navigations in cross-origin iframes. This is a same-origin...
CVE-2017-7828 AVG-530 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in Firefox before 57.0 and Thunderbird before 52.5 when flushing and resizing layout because the PresShell object...
CVE-2017-7826 AVG-530 Critical Yes Arbitrary code execution
Several reported memory safety bugs have been found in Firefox before 57.0 and Thunderbird before 52.5. Some of these bugs showed evidence of memory...
CVE-2017-7824 AVG-441 Critical Yes Arbitrary code execution
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content in Thunderbird < 52.4. This is due to...
CVE-2017-7823 AVG-441 Medium Yes Cross-site scripting
The content security policy (CSP) sandbox directive in Thunderbird < 52.4 did not create a unique origin for the document, causing it to behave as if the...
CVE-2017-7819 AVG-441 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from...
CVE-2017-7818 AVG-441 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the...
CVE-2017-7814 AVG-441 Medium Yes Access restriction bypass
A security issue has been found in Thunderbird < 52.4. File downloads encoded with blob: and data: URL elements bypassed normal file download checks though...
CVE-2017-7810 AVG-441 Critical Yes Arbitrary code execution
Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported...
CVE-2017-7809 AVG-385 Critical Yes Arbitrary code execution
A use-after-free issue has been found in Firefox < 55.0 and Thunderbird < 52.3, when an editor DOM node is deleted prematurely during tree traversal while...
CVE-2017-7807 AVG-385 High Yes Content spoofing
A domain hijacking flaw has been found in Firefox < 55.0 and Thunderbird < 52.3. A mechanism that uses AppCache to hijack a URL in a domain using fallback...
CVE-2017-7805 AVG-441 Critical Yes Arbitrary code execution
A security issue has been found in Thunderbird < 52.4. During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved...
CVE-2017-7803 AVG-385 Medium Yes Access restriction bypass
A security issue has been found in Firefox < 55.0 and Thunderbird < 52.3. When a page’s content security policy (CSP) header contains a sandbox directive,...
CVE-2017-7802 AVG-385 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 55.0 and Thunderbird < 52.3, when manipulating the DOM during the resize event of an image...
CVE-2017-7801 AVG-385 Critical Yes Arbitrary code execution
A use-after-free issue has been found in Firefox < 55.0 and Thunderbird < 52.3, while re-computing layout for a marquee element during window resizing where...
CVE-2017-7800 AVG-385 Critical Yes Arbitrary code execution
A use-after-free issue has been found in Firefox < 55.0 and Thunderbird < 52.3, in WebSockets, when the object holding the connection is freed before the...
CVE-2017-7793 AVG-441 Critical Yes Arbitrary code execution
A use-after-free vulnerability can occur in the Fetch API of Thunderbird < 52.4, when the worker or the associated window are freed when still in use,...
CVE-2017-7792 AVG-385 High Yes Arbitrary code execution
A buffer overflow has been found in Firefox < 55.0 and Thunderbird < 52.3, when viewing a certificate in the certificate manager if the certificate has an...
CVE-2017-7791 AVG-385 Medium Yes Content spoofing
A content spoofing issue has been found in Firefox < 55.0 and Thunderbird < 52.3. On pages containing an iframe, the data: protocol can be used to create a...
CVE-2017-7787 AVG-385 High Yes Same-origin policy bypass
Same-origin policy protections can be bypassed in Firefox < 55.0 and Thunderbird < 52.3, on pages with embedded iframes during page reloads, allowing the...
CVE-2017-7786 AVG-385 Critical Yes Arbitrary code execution
A buffer overflow has been found in Firefox < 55.0 and Thunderbird < 52.3, when the image renderer attempts to paint non-displayable SVG elements. This...
CVE-2017-7785 AVG-385 Critical Yes Arbitrary code execution
A buffer overflow has been found in Firefox < 55.0 and Thunderbird < 52.3, when manipulating Accessible Rich Internet Applications (ARIA) attributes within...
CVE-2017-7784 AVG-385 Critical Yes Arbitrary code execution
A use-after-free issue has been found in Firefox < 55.0 and Thunderbird < 52.3, when reading an image observer during frame reconstruction after the...
CVE-2017-7779 AVG-385 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 55.0 and Thunderbird < 52.3. Some of these bugs showed evidence of memory corruption and we presume...
CVE-2017-7778 AVG-303 High Yes Arbitrary code execution
An out-of-bounds write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.
CVE-2017-7777 AVG-303 High Yes Information disclosure
A use of uninitialized memory has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in GlyphCache::Loader::read_glyph.
CVE-2017-7776 AVG-303 High Yes Information disclosure
A heap-buffer-overflow read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Silf::getClassGlyph.
CVE-2017-7775 AVG-303 High Yes Denial of service
An assertion failure has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2.
CVE-2017-7774 AVG-303 High Yes Information disclosure
An out-of-bounds read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Silf::readGraphite.
CVE-2017-7773 AVG-303 High Yes Arbitrary code execution
A heap-buffer-overflow write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.
CVE-2017-7772 AVG-303 High Yes Arbitrary code execution
A heap-buffer-overflow write has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in lz4::decompress.
CVE-2017-7771 AVG-303 High Yes Information disclosure
An out-of-bounds read has been found in the Graphite 2 library used in Firefox < 54.0 and Thunderbird < 52.2, in Pass::readPass.
CVE-2017-7764 AVG-303 Medium Yes Content spoofing
A security issue has been found in Firefox < 54.0 and Thunderbird < 52.2, where characters from the "Canadian Syllabics" Unicode block can be mixed with...
CVE-2017-7758 AVG-303 High Yes Information disclosure
An out-of-bounds read vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, with the Opus encoder when the number of channels in an audio...
CVE-2017-7757 AVG-303 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, in IndexedDB when one of its objects is destroyed in memory while a...
CVE-2017-7756 AVG-303 High Yes Arbitrary code execution
A use-after-free and use-after-scope vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, when logging errors from headers for XML HTTP...
CVE-2017-7754 AVG-303 High Yes Information disclosure
An out-of-bounds read has been found in Firefox < 54.0 and Thunderbird < 52.2, with a maliciously crafted ImageInfo object during WebGL operations.
CVE-2017-7753 AVG-385 High Yes Information disclosure
An out-of-bounds read has been found in Firefox < 55.0 and Thunderbird < 52.3, when applying style rules to pseudo-elements, such as ::first-line, using...
CVE-2017-7752 AVG-303 Medium Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, during specific user interactions with the input method editor (IME) in some...
CVE-2017-7751 AVG-303 High Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, in content viewer listeners.
CVE-2017-7750 AVG-303 High Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, during video control operations when a <track> element holds a reference to an...
CVE-2017-7749 AVG-303 High Yes Arbitrary code execution
A use-after-free has been found in Firefox < 54.0 and Thunderbird < 52.2, when using an incorrect URL during the reloading of a docshell.
CVE-2017-5472 AVG-303 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 54.0 and Thunderbird < 52.2, in the frameloader during tree reconstruction while regenerating CSS...
CVE-2017-5470 AVG-303 Critical Yes Arbitrary code execution
Several memory safety issues leading to arbitrary code execution have been found in Firefox < 54.0 and Thunderbird < 52.2.
CVE-2017-5410 AVG-193 Critical Yes Arbitrary code execution
Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due to errors in how incremental sweeping is managed for...
CVE-2017-5408 AVG-193 Medium Yes Information disclosure
Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential...
CVE-2017-5407 AVG-193 High Yes Information disclosure
Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user....
CVE-2017-5405 AVG-193 Low Yes Content spoofing
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.
CVE-2017-5404 AVG-193 Critical Yes Arbitrary code execution
A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This...
CVE-2017-5402 AVG-193 Critical Yes Arbitrary code execution
A use-after-free can occur when events are fired for a FontFace object after the object has already been destroyed while working with fonts.
CVE-2017-5401 AVG-193 Critical Yes Arbitrary code execution
A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error.
CVE-2017-5400 AVG-193 Critical Yes Arbitrary code execution
JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
CVE-2017-5398 AVG-193 Critical Yes Arbitrary code execution
Several memory safety bugs, some of them leading to memory corruption issues have been found in Firefox < 52 and Thunderbird < 45.8.
CVE-2017-5396 AVG-158 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in the Media Decoder of Firefox < 51 and Thunderbird < 45.7, when working with media files when some events...
CVE-2017-5390 AVG-158 High Yes Privilege escalation
The JSON viewer in the Developer Tools in Firefox < 51 and Thunderbird < 45.7 uses insecure methods to create a communication channel for copying and...
CVE-2017-5383 AVG-158 Medium Yes Content spoofing
URLs containing certain Unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display in Firefox < 51 and Thunderbird < 45.7,...
CVE-2017-5380 AVG-158 High Yes Arbitrary code execution
A potential use-after-free vulnerability during DOM manipulation of SVG content has been found in Firefox < 51 and Thunderbird < 45.7.
CVE-2017-5378 AVG-158 High Yes Information disclosure
An information disclosure vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, where hashed codes of JavaScript objects are shared between...
CVE-2017-5376 AVG-158 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, while manipulating XSL in XSLT documents.
CVE-2017-5375 AVG-158 Critical Yes Arbitrary code execution
JIT code allocation in Firefox < 51 and Thunderbird < 45.7 can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
CVE-2017-5373 AVG-158 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 51 and Thunderbird < 47.5. Some of these bugs showed evidence of memory corruption and we presume...
CVE-2016-9079 AVG-91 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been discovered in the SVG Animation component of Firefox, leading to arbitrary code execution.

Advisories

Date Advisory Group Severity Description
06 Dec 2019 ASA-201912-2 AVG-1072 Critical arbitrary code execution
26 Oct 2019 ASA-201910-15 AVG-1054 Critical multiple issues
14 Jun 2019 ASA-201906-10 AVG-980 High multiple issues
23 May 2019 ASA-201905-8 AVG-965 Critical multiple issues
06 Apr 2019 ASA-201904-4 AVG-947 Critical arbitrary code execution
20 Feb 2019 ASA-201902-23 AVG-908 Critical multiple issues
06 Nov 2018 ASA-201811-10 AVG-803 Critical arbitrary code execution
18 Oct 2018 ASA-201810-13 AVG-782 Critical multiple issues
10 Aug 2018 ASA-201808-8 AVG-751 Critical multiple issues
16 Jul 2018 ASA-201807-4 AVG-728 Critical multiple issues
21 May 2018 ASA-201805-21 AVG-707 Critical multiple issues
24 Mar 2018 ASA-201803-22 AVG-663 Critical multiple issues
30 Nov 2017 ASA-201711-43 AVG-530 Critical multiple issues
12 Oct 2017 ASA-201710-19 AVG-441 Critical multiple issues
23 Aug 2017 ASA-201708-18 AVG-385 Critical multiple issues
16 Jun 2017 ASA-201706-20 AVG-303 Critical multiple issues
10 Mar 2017 ASA-201703-2 AVG-193 Critical multiple issues
29 Jan 2017 ASA-201701-40 AVG-158 Critical multiple issues
01 Dec 2016 ASA-201612-2 AVG-91 Critical arbitrary code execution